Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

What is claimed is: 

1. (Currently Amended) An Application Gateway Module suitable for 
use in a telecommunication system wherein a service network authenticates a user 
and authorizes the user for accessing a service offered by a service provider, the 
Application Gateway Module arranged for intercepting application messages between 
the user and the service and for identifying said user and said service, and including: 

[[-]] means for obtaining an authorization decision on whether the user is 
allowed to access the service; 

the Application Gateway Module comprising: 

[[-]] means for assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

[[-]] means for configuring a first finite-state machine with a number of status
intended to identify specific events in service delivery where, the first finite state
machine configured to control service progression can be controlled; and

means for initiating a specific instance of the first finite-state machine, said
specific instance being identified by the assigned service session identifier; and

[[-]] means for activating service policies applicable to said specific events and
resulting in a state transition in the specific instance identified by the assigned service
session identifier.

2. (Canceled) 






Attorney Docket No. P18123-US1 
EUS/GJ/P/1 0-2522 



3. (Currently Amended) The Application Gateway Module of claim [[2]] 
1, wherein the means for activating service policies include means for setting at least 
one element selected from a non-exhaustive list of references and attributes that 
comprises: a number of message field values to match, a number of specific actions to 
carry out on matching, a number of timer values to run, and a number of transactions to 
supervise. 

4. (Currently Amended) The Application Gateway Module of claim [[2]]
1, wherein the means for activating service policies include means for activating a
global service policy independently of any service delivery in progress. 

5. (Currently Amended) The Application Gateway Module of claim [[2]] 
1, wherein the means for activating service policies include means for initiating an 
instance of a global service policy to apply as an individual service policy within a 
specific instance of the first finite-state machine, the individual service policy inheriting 
references and attributes from the global service policy. 

6. (Previously Presented) The Application Gateway Module of claim 5, 
further comprising means for overwriting references and attributes of an individual 
service policy with new references and attributes during a service progression handled 
within a specific instance of the first finite-state machine.

7. (Previously Presented) The Application Gateway Module of claim 5, 
wherein a particular state is associated with a number of individual service policies 
within a specific instance of the first finite-state machine, said instance identified by a 
given service session identifier. 

8. (Previously Presented) The Application Gateway Module of claim 2, 
wherein the means for obtaining an authorization decision include means for requesting 
a service authorization from an Authorization Module. 

9. (Previously Presented) The Application Gateway Module of claim 8,
wherein the means for activating service policies include means for receiving from the 
Authorization Module at least one element applicable to set a service policy, the 
element selected from a non-exhaustive list of references and attributes that comprises: 
a number of message field values to match, a number of specific actions to carry out on 
matching, a number of timer values to run, and a number of transactions to supervise. 

10. (Previously Presented) The Application Gateway Module of claim 8, 
wherein the means for activating service policies includes means for receiving a global 
service policy from the Authorization Module. 

11. (Previously Presented) The Application Gateway Module of claim 8, 
further comprising means for receiving references and attributes from the Authorization 
Module applicable to overwrite an individual service policy with new references and 
attributes during a service progression handled within a specific instance of the first 
finite-state machine. 

12. (Previously Presented) The Application Gateway Module of claim 8, 
further comprising means for notifying to the Authorization Module a specific event in 
service progression. 

13. (Previously Presented) The Application Gateway Module of claim 8, 
further comprising means for requesting from the Authorization Module a further 
processing to determine an appropriate action to go on with the service progression. 

14. (Previously Presented) The Application Gateway Module of claim 13, 
further comprising means for receiving from the Authorization Module an instruction 
selected from: access granted without restriction, another service to substitute a 
previous service requested, forced logout, and indication of a state transition. 

15. (Currently Amended) An Authorization Module suitable for use in a
telecommunication system wherein a service network authenticates a user and 
authorizes the user for accessing a service offered by a service provider, the 
Authorization Module arranged for deciding whether a user is allowed to access a 
service and having: 

[[-]] means for receiving a service authorization request from an Application
Gateway Module; and

[[-]] means for returning to the Application Gateway Module a response on
whether the user is granted access to the requested service;
the Authorization Module comprising:

[[-]] means for generating a service session identifier intended to correlate those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

[[-]] means for configuring a second finite-state machine with a number of status
intended to identify specific events in service progression where the Authorization
Module can, the second finite-state machine usable by the Authorization Module to act
over the Application Gateway Module to control the service progression; [[and]]

means for initiating a specific instance of the second finite-state machine, said
specific instance being identified by said service session identifier; and

[[-]] means for determining service policies applicable to said specific events and
resulting in a state transition in the specific instance identified by the assigned serving
session identifier.



16. (Previously Presented) The Authorization Module of claim 15, wherein 
the means for generating a service session identifier comprise means for including said 
service session identifier in the response to be returned to the Application Gateway 
Module on whether the user is granted access to the requested service. 

17. (Canceled) 

18. (Currently Amended) The Authorization Module of claim [[17]] 15,
wherein a particular state is associated with a number of service policies within a 
specific instance of the second finite-state machine, said instance identified by a given
service session identifier. 

19. (Previously Presented) The Authorization Module of claim 15, wherein 
the means for determining service policies comprise means for including in the 
response towards the Application Gateway Module at least one information element to 
activate a service policy within a specific state in the Application Gateway Module, said 
at least one information element selected from a non-exhaustive list of references and 
attributes that comprises: 

- a number of message field values to match; 

- a set of actions to carry out on matching a given message field value;

- a number of new timer values to run; and 

- a number of transactions to supervise. 

20. (Previously Presented) The Authorization Module of claim 19, wherein 
the means for including in the response towards the Application Gateway Module at 
least one information element to activate a service policy include means for indicating 
that this is a global service policy to apply independently of any service delivery in 
progress. 

21. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving a notification, from an Application Gateway Module 
indicating a specific event detected in service progression. 

22. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving a request, from an Application Gateway Module, asking 
for an instruction to proceed with a service progression. 

23. (Previously Presented) The Authorization Module of claim 22, further
comprising means for sending towards the Application Gateway Module an instruction 
selected from: access granted without restriction, another service to substitute a 
previous service requested, forced logout, and indication of a state transition. 

24. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving an application message from at least one entity 
selected from a number of application servers and provisioning systems, the 
application message including a given service session identifier intended to identify a 
specific instance of the second finite-state machine in the Authorization Module. 

25. (Currently Amended) A method for authorizing a user of a service 
network to access a service offered by a service server of a service provider, the user 
already authenticated by the service network, the server arranged to deliver a service 
that comprises a plurality of transactions by exchanging a plurality of application 
messages with the user, the method comprising the steps of: 

[[-]] obtaining a first authorization decision on whether the user is allowed to 
access the service; 

[[-]] generating and assigning a service session identifier intended to identify 
those application messages exchanged between the user and the service and that 
belong to a same service delivery authorized for said user; 

[[-]] configuring at least one finite-state machine with a number of status
intended to identify specific events in service delivery where, the finite-state machine
usable for controlling service progression can be controlled; and

initiating a specific instance of the at least one finite-state machine, said specific
instance being identified by the assigned service session identifier; and

[[-]] activating service policies applicable to said specific events and resulting in
a state transition in the specific instance identified by the assigned service session
identifier.

26. (Canceled) 

27. (Currently Amended) The method of claim [[26]] 25, wherein a
particular state within the specific instance of the at least one finite-state machine is 
associated with a number of service policies. 

28. (Previously Presented) The method of claim 25, wherein the step of 
activating service policies includes a step of setting at least one element selected from 
a non-exhaustive list of references and attributes that comprises: a number of message 
field values to match, a number of specific actions to carry out on matching, a number of 
timer values to run, and a number of transactions to supervise. 

29. (Previously Presented) The method of claim 25, further comprising a 
step of receiving at the service network an application message originated at an entity 
selected from, a number of service servers of a service provider and a number of 
entities of a provisioning system, the application message including a given service 
session identifier intended to identify a specific instance of the at least one finite-state 
machine. 

30. (Previously Presented) The method of claim 25, wherein the step of 
configuring at least one finite-state machine further comprises configuring a first
finite-state machine in an Application Gateway Module and configuring a second finite-state
machine in an Authorization Module. 